1. Field of the Invention
The present invention relates to information and document management. In particular, the present invention relates to systems and methods for managing data in compliance with privacy, security and/or retention standards in business industries.
2. Background and Related Art
Information management has become an important part of business in a variety of different business industries. By way of example, in the medical industry, information is gathered from patients, physician services, medical research, medical training, insurance policy underwriting, and the like. The medical information has proven to be beneficial to patients, physicians, other medical service providers, and other business entities. For example, insurance companies that provide life, health, disability income, long term care, casualty, and reinsurance policies routinely require medical information for analysis as to policy eligibility. Typically, the analysis of medical information includes reviewing such medical records as an attending physician's statement, which is considered to be a very reliable record as it contains analyses and conclusions by a licensed medical professional. Medical records are also used in determining the amount of risk presented by an individual for a policy, and in determining causation and other issues relevant to insurance claim adjusting.
Currently, medical records are generally available, but are not easily accessible because of the confidential nature of the information. Accordingly, the medical records are protected by established professional conduct and by enacted legislation requiring the patient's consent prior to disclosure of the medical record information. Further, a large majority of the medical record information is restricted to paper documentation that is located in the office file rooms of the medical service providers, restricting the sharing of information.
In order to prevent the expense of filling office space with voluminous records, some medical providers are migrating to electronic record systems, and are converting paper records to electronic records. However, like their paper counterparts, the electronic records typically remain isolated from external sources.
Currently, a delay is generally experienced when requesting information from a medical information repository, such as a physician's office. The delay is due to the paper-only format of the records, the need for personnel time to pull the records and provide the requestor with a copy thereof, and the low priority that is assigned to such requests by medical providers. Typically, the delay in underwriting insurance policies may cause applicants to lose interest, and cause a consequent loss of business to the insurer.
In an effort to shorten delays, some requesters utilize agents to travel to the various medical offices to manually retrieve copies of the medical records. Although this may partially accelerate the obtaining of the records, the cost in performing this service can be expensive and the technique does not address the problem of determining whether the retrieved record is complete, and whether other records exist. Moreover, even when the existence and location of a record are known, its relevance remains uncertain until retrieved and reviewed.
Health care providers and emergency medical technicians also have a need to access medical records. Health care providers and emergency medical technicians are typically required to make decisions regarding the care of a patient under circumstances in which paper records are unavailable. The inability of traditional techniques to provide medical record information to health care providers and emergency medical technicians increases the risk of improper treatment and the likelihood of medical malpractice.
A further complication in the providing of medical information to a particular requester lies in established regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), which mandates regulations that govern privacy, security, and electronic transactions standards for health care information. The regulations require major changes in how health care organizations handle all facets of medical information management, including reimbursements, coding, security, and patient records. The regulations have a far-reaching impact on every department of every entity that provides or pays for health care.
For example, HIPAA requires that the medical entity enable patients to first view any and all patient-specific information that the entity may have concerning them, and that the medical entity enable patients to make annotations or comments pertinent to the information that the entity has provided. Further, patients may request that information be corrected. Accordingly, the entity is required to enable a patient-driven “editorial commenting” capability. While the medical entity is not necessarily obligated to make any actual “corrections” to their internal records, they are required to indicate that the patient has registered their comments or made certain suggested changes to their personal information.
Such requirements may generally be considered as a real detriment by many medical entities. Yet to others it represents an opportunity for the entity (e.g. a physician or others who may hold crucial clinical information, such as a prescription history) to document and publish the fact that the patient himself has actually viewed and verified as of a certain date the accuracy and completeness of their personal information that the entity has about them. In the case of retrieving and viewing a current prescription history, the patient-verified history would be very assuring to an emergency room physician who is treating the patient.
Accordingly, it would be an improvement in the art to enable affected entities to comply with privacy and security standards, including regulations that have been enacted, and to facilitate information management and exchange without breaching duties of confidentiality or professional relationships.